Minutes interim-2020-mls-23: Tue 11:00
minutes-interim-2020-mls-23-202010201100-00
|
Meeting Minutes |
|
Messaging Layer Security
(mls) WG
|
Title |
|
Minutes interim-2020-mls-23: Tue 11:00 |
State |
|
Active |
Other versions |
|
plain text
|
Last updated |
|
2020-11-25 |
Meeting Minutes
minutes-interim-2020-mls-23-202010201100
# Issues/PRs
- #142, #160
- Richard: Just close?
- **Close**
- #426
- Konrad: We inject GroupContext as if key. But purpose is to achieve key
separation. Should either inject into each step, or have one Extract step
before all.
- Richard: Prefer once rather than all the time.
- **Merge #427**
- #373
- Brendan: Probably not something we're going to handle.
- Richard: Agree, good to close.
- **Close**
- No ticket
- Joel: When is deadline to change how parent hashes are computed?
- Brendan: Why
- Joel: Discussed in past, whether parent hash should include tree hash or
not. Creates weaker guarantees for member joining group. Say a signing key
is leaked. Alice gets a Welcome and joins group. How quickly group is secure
again depends on how parent hash is computed; including tree hash makes
group secure faster.
- Richard: Karthik was worried about group agreement at the interim in NY.
Sounds like Joel has concrete attacks.
- Brendan: I think this is controlled a lot by the fact that we sign
GroupContexts.
- **Conclusion:** Joel will raise in more detail on mailing list.
- #427
- **Merge.**
- #423
- **Merge.**
- #422
- Raphael: Significant performance improvement in some cases.
- **Merge.**
- #414
- **Conclusion:** Minor issues to fix, then good to merge.
- #421
- **Action items:**
- Rename recovery secret to resumption.
- Add back section on Recovery Key.
- Add text to re-originate ReInit proposals when there are others.
- Make clear with multiple ReInits.
- #406
- Brendan: Contrasting GroupKeyPackage with GroupInfo, GroupInfo is signed.
Shouldn't we also sign GroupKeyPackage?
- Raphael: Bad for deniability.
- Brendan: But if people use External Commit primarily, then it seems like you
have weaker group agreement.
- Richard: Probably need to go to mailing list.
- **Conclusion:** Additional concerns to be raised on mailing list.